From d4194cba6a0282e3cd6bdbc5e2080f64eb7da972 Mon Sep 17 00:00:00 2001 From: Maycon Santos Date: Sat, 20 Jan 2024 23:50:57 +0100 Subject: [PATCH] Fix race condition with JWT group sync (#1486) This PR fixes the issue that caused JWT group membership not being store Therefore causing many event logs and inconsistency --- management/server/account.go | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/management/server/account.go b/management/server/account.go index 704616bb0..79bde81ea 100644 --- a/management/server/account.go +++ b/management/server/account.go @@ -1544,7 +1544,19 @@ func (am *DefaultAccountManager) GetAccountFromToken(claims jwtclaims.Authorizat log.Infof("overriding JWT Domain and DomainCategory claims since single account mode is enabled") } - account, err := am.getAccountWithAuthorizationClaims(claims) + newAcc, err := am.getAccountWithAuthorizationClaims(claims) + if err != nil { + return nil, nil, err + } + unlock := am.Store.AcquireAccountLock(newAcc.Id) + alreadyUnlocked := false + defer func() { + if !alreadyUnlocked { + unlock() + } + }() + + account, err := am.Store.GetAccount(newAcc.Id) if err != nil { return nil, nil, err } @@ -1593,6 +1605,8 @@ func (am *DefaultAccountManager) GetAccountFromToken(claims jwtclaims.Authorizat log.Errorf("failed to save account: %v", err) } else { am.updateAccountPeers(account) + unlock() + alreadyUnlocked = true for _, g := range addNewGroups { if group := account.GetGroup(g); group != nil { am.StoreEvent(user.Id, user.Id, account.Id, activity.GroupAddedToUser,